Описание
Dolibarr Stored Cross-site Scripting
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
Пакеты
dolibarr/dolibarr
= 11.0.4
Отсутствует
Связанные уязвимости
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS.
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup doc ...